[Oisf-devel] [COMMIT] OISF branch, master, updated. suricata-4.0.1-466-g7078b4e
OISF Git
noreply at openinfosecfoundation.org
Wed Feb 14 14:37:28 UTC 2018
This is an automated email from the git hooks/post-receive script. It was
generated because a ref change was pushed to the repository containing
the project "OISF".
The branch, master has been updated
from 23ceb2cc26008a022b7c35e6477b41c69ef76870 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 7078b4e8e4c181de98615f99d719a40649944e53
Author: Victor Julien <victor at inliniac.net>
Date: Fri Feb 2 15:45:47 2018 +0100
flash: code cleanups
commit e251c45d3d968567cfde897bfd95eaeab6053b1f
Author: Victor Julien <victor at inliniac.net>
Date: Tue Dec 19 18:00:38 2017 +0100
detect/bsize: tests for http_request_line
commit 4d1fa4aaf96e3691172ca94b7be59a4bcf42212b
Author: Victor Julien <victor at inliniac.net>
Date: Sun Dec 10 21:39:50 2017 +0100
detect: bsize keyword
Allows matching on stickybuffers. Like dsize, it allows matching on
exact values, greater than and less than, and ranges.
For streaming buffers, such as HTTP bodies, the final size of the
body is only known at the end of the transaction.
commit 709b3bc1e4caa80d106a585b346fd9f051211c7d
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 3 12:33:53 2017 +0100
rule analyzer: simple rules to json dumper
commit d14e51a4aa6c2111ff115b4fe4b1b36fd09d6bc9
Author: Victor Julien <victor at inliniac.net>
Date: Mon Dec 18 17:11:15 2017 +0100
detect/content: pass START/END flags to inspection
commit c8bd489aa19525b4379a4b6c02b6ae06c7bb4e21
Author: Victor Julien <victor at inliniac.net>
Date: Fri Nov 3 12:29:49 2017 +0100
detect: set implied flow direction based on keywords
commit 82ffba20f4d8ee09f410e60de66338dde19198a2
Author: Victor Julien <victor at inliniac.net>
Date: Wed Nov 1 08:33:37 2017 +0100
detect/dns_query: move to API v2. Supports transforms.
commit 7823ef721f1e8e7296b915f15a56698bdc3700c4
Author: Victor Julien <victor at inliniac.net>
Date: Wed Nov 1 08:33:09 2017 +0100
file_data: update to API v2
As we can have multiple files per TX we use the multi inspect
buffer support.
By using this API file_data supports transforms.
Redo part of the flash decompression as a hard coded built-in sort
of transform.
commit 483ffc103cd1c887f3e48e8cdf52825264094aa1
Author: Victor Julien <victor at inliniac.net>
Date: Wed Nov 1 08:32:31 2017 +0100
detect/http_request_line: convert to inspect api v2
commit 7f97fc40d5c5bccc2a381931e1300ce1c2c61ef1
Author: Victor Julien <victor at inliniac.net>
Date: Thu Oct 26 08:14:14 2017 +0200
detect/transform: initial to_sha256 implementation
Takes input buffer and replaces it with hash value for that buffer.
Hash value is in raw bytes.
commit 016d65fdf892b71792b51ef852056d170dcf06b8
Author: Victor Julien <victor at inliniac.net>
Date: Wed Oct 25 09:27:02 2017 +0200
detect/transform: initial compress_whitespace implementation
commit 38ed6cd050caba6757248db689a46037031e2a17
Author: Victor Julien <victor at inliniac.net>
Date: Thu Oct 26 10:20:07 2017 +0200
detect/transform: initial strip_whitespace implementation
commit d64785274e28814963f12c04b462ca2721a99d4a
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 31 13:49:42 2017 +0100
detect/prefilter: move hash into detect engine ctx
commit 91296d1eeccc238598d856368849743ba83bb2e6
Author: Victor Julien <victor at inliniac.net>
Date: Tue Oct 31 12:20:20 2017 +0100
detect/prefilter: add de_ctx to registration
commit efbd901385202825a8cb327fda513ac82cf1fbc8
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 30 22:37:42 2017 +0100
detect: move mpm engines into detect engine ctx
This allows safe registration at runtime.
commit ad16925bc90eba121791d6be2d796a6aa71348a1
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 30 19:42:35 2017 +0100
detect/inspect engines: copy to detect engine ctx
Register rule-time engines in the detect engine. This is necessary
now that rule parsing can create new buffers.
commit 0de86211c6179f9a5829f69c495358a9b2f18619
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 30 17:14:34 2017 +0100
detect: register dynamic buffers into de_ctx
Register buffers that are created during rule parsing. Currently
this means an existing buffer with one or more transformations.
commit 313661451d29d78f22cdcd7f47dc2c5fe1f89357
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 23 13:27:32 2017 +0200
content inspection: support transforms
Make sure content is applied to the transformed version of a buffer.
Support content with its modifiers, and also isdataat, pcre, bytetest
and bytejump.
commit a499a44f7a0c9bcb8755b4e31cf7d908b7666276
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 30 09:43:42 2017 +0100
detect: move buffer type map into detect ctx
Move previously global table into detect engine ctx. Now that we
can register buffers at rule loading time we need to take concurrency
into account.
Move DetectBufferType to detect.h and update DetectBufferCtx API calls
to include a detect engine ctx reference.
commit f6e5cb1db6e5aa6ed27bd6d906a8b0af60af5085
Author: Victor Julien <victor at inliniac.net>
Date: Tue Jan 23 12:25:33 2018 +0100
detect: prefilter/inspect API v2, with transforms
Introduce InspectionBuffer, a structure for passing data between
prefilters, transforms and inspection engines.
At rule parsing time, we'll register new unique 'DetectBufferType's
for a 'parent' buffer (e.g. pure file_data) with its transformations.
Each unique combination of buffer with transformations gets its
own buffer id.
Similarly, mpm registration and inspect engine registration will be
copied from the 'parent' (again, e.g. pure file_data) to the new ids.
The transforms are called from within the prefilter engines themselves.
Provide generic MPM matching and setup callbacks. Can be used by
keywords to avoid needless code duplication. Supports transformations.
Use unique name for profiling, to distinguish between pure buffers
and buffers with transformation.
Add new registration calls for mpm/prefilters and inspect engines.
Inspect engine api v2: Pass engine to itself. Add generic engine that
uses GetData callback and other registered settings.
The generic engine should be usable for every 'simple' case where
there is just a single non-streaming buffer. For example HTTP uri.
The v2 API assumes that registered MPM implements transformations.
Add util func to set new transform in rule and add util funcs for rule
parsing.
commit 765b7a6b66c236aaf9658198d8c3ec4398668cbd
Author: Victor Julien <victor at inliniac.net>
Date: Mon Oct 23 12:08:47 2017 +0200
detect: prep for dynamic smlists arrays in sigs
Initialize Signature::init_data::smlists like normal, but before use
expand them if needed.
commit bdb886bd68f0b4e770b7466f144b79af49e6c5e3
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Feb 13 23:41:47 2018 +0100
docs: remove many outdated and old install docs
commit 2e8678a5ffa740434deb8880de1efb7e59ea0cfb
Author: Andreas Herz <andi at geekosphere.org>
Date: Tue Feb 13 22:06:33 2018 +0100
docs: replace redmine links and enforce https on oisf urls
commit c411519605fb1a9f22fd1a2901e0e37948c12991
Author: Jason Ish <ish at unx.ca>
Date: Mon Feb 12 13:43:59 2018 -0600
app-layer: remove has events callback - not used
-----------------------------------------------------------------------
Summary of changes:
Makefile.am | 4 +-
README.md | 2 +-
configure.ac | 2 +-
doc/AUTHORS | 2 +-
doc/CentOS5.txt | 116 ----
doc/CentOS_56_Installation.txt | 116 ----
doc/Debian_Installation.txt | 90 ----
doc/Fedora_Core.txt | 76 ---
doc/FreeBSD_8.txt | 102 ----
doc/HTP_library_installation.txt | 18 -
doc/INSTALL | 2 +-
doc/INSTALL.PF_RING | 2 +-
doc/Installation_from_GIT_with_PCRE-JIT.txt | 119 -----
...from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt | 73 ---
doc/Installation_with_PF_RING.txt | 207 --------
doc/Mac_OS_X_106x.txt | 72 ---
doc/Makefile.am | 16 +-
doc/NEWS | 3 +-
doc/OpenBSD_Installation_from_GIT.txt | 79 ---
doc/Setting_up_IPSinline_for_Linux.txt | 2 +-
doc/TODO | 3 +-
doc/Ubuntu_Installation.txt | 84 ---
doc/Ubuntu_Installation_from_GIT.txt | 115 ----
doc/Windows.txt | 189 -------
doc/userguide/capture-hardware/myricom.rst | 2 +-
doc/userguide/rule-management/suricata-update.rst | 2 +-
doc/userguide/rules/differences-from-snort.rst | 6 +-
doc/userguide/rules/file-keywords.rst | 2 +-
doc/userguide/rules/http-keywords.rst | 4 +-
rust/src/dns/dns.rs | 8 -
rust/src/nfs/nfs.rs | 8 -
rust/src/ntp/ntp.rs | 10 -
rust/src/parser.rs | 3 -
src/Makefile.am | 4 +
src/app-layer-detect-proto.c | 2 +-
src/app-layer-dnp3.c | 16 -
src/app-layer-dns-common.c | 6 -
src/app-layer-dns-common.h | 1 -
src/app-layer-dns-tcp-rust.c | 7 -
src/app-layer-dns-tcp.c | 1 -
src/app-layer-dns-udp-rust.c | 8 -
src/app-layer-dns-udp.c | 1 -
src/app-layer-enip.c | 7 -
src/app-layer-htp.c | 7 -
src/app-layer-modbus.c | 6 -
src/app-layer-nfs-tcp.c | 9 -
src/app-layer-nfs-udp.c | 9 -
src/app-layer-parser.c | 14 +-
src/app-layer-parser.h | 2 -
src/app-layer-register.c | 6 -
src/app-layer-register.h | 1 -
src/app-layer-ssl.c | 8 -
src/app-layer-template.c | 10 -
src/app-layer-tftp.c | 9 -
src/detect-ack.c | 6 +-
src/detect-app-layer-protocol.c | 4 +-
src/detect-base64-data.c | 2 +-
src/detect-bsize.c | 322 ++++++++++++
src/{detect-nfs-procedure.h => detect-bsize.h} | 12 +-
src/detect-byte-extract.c | 9 +-
src/detect-bytejump.c | 3 +
src/detect-bytetest.c | 3 +
src/detect-content.c | 8 +-
src/detect-dce-stub-data.c | 16 +-
src/detect-dnp3.c | 6 +-
src/detect-dns-query.c | 237 ++++++++-
src/detect-dsize.c | 6 +-
src/detect-engine-analyzer.c | 160 +++++-
src/detect-engine-analyzer.h | 10 +-
src/detect-engine-build.c | 55 +-
src/detect-engine-content-inspection.c | 49 +-
src/detect-engine-content-inspection.h | 11 +-
src/detect-engine-dns.c | 130 -----
src/detect-engine-dns.h | 6 -
src/detect-engine-filedata.c | 249 ++++-----
src/detect-engine-filedata.h | 14 +-
src/detect-engine-hcbd.c | 13 +-
src/detect-engine-hcbd.h | 3 +-
src/detect-engine-hcd.c | 12 +-
src/detect-engine-hcd.h | 6 +-
src/detect-engine-hhhd.c | 7 +-
src/detect-engine-hhhd.h | 3 +-
src/detect-engine-hmd.c | 7 +-
src/detect-engine-hmd.h | 3 +-
src/detect-engine-hrhd.c | 16 +-
src/detect-engine-hrhd.h | 6 +-
src/detect-engine-hrhhd.c | 7 +-
src/detect-engine-hrhhd.h | 3 +-
src/detect-engine-hrud.c | 7 +-
src/detect-engine-hrud.h | 3 +-
src/detect-engine-hsbd.c | 237 ++-------
src/detect-engine-hsbd.h | 9 +-
src/detect-engine-hscd.c | 7 +-
src/detect-engine-hscd.h | 3 +-
src/detect-engine-hsmd.c | 7 +-
src/detect-engine-hsmd.h | 3 +-
src/detect-engine-hua.c | 7 +-
src/detect-engine-hua.h | 3 +-
src/detect-engine-loader.c | 6 +-
src/detect-engine-mpm.c | 187 ++++++-
src/detect-engine-mpm.h | 17 +-
src/detect-engine-payload.c | 20 +-
src/detect-engine-payload.h | 6 +-
src/detect-engine-port.c | 134 ++---
src/detect-engine-port.h | 4 +-
src/detect-engine-prefilter-common.c | 39 +-
src/detect-engine-prefilter-common.h | 6 +-
src/detect-engine-prefilter.c | 172 +++---
src/detect-engine-prefilter.h | 15 +-
src/detect-engine-register.c | 12 +-
src/detect-engine-register.h | 6 +
src/detect-engine-siggroup.c | 16 +-
src/detect-engine-siggroup.h | 2 +-
src/detect-engine-tls.c | 35 +-
src/detect-engine-tls.h | 15 +-
src/detect-engine-uri.c | 7 +-
src/detect-engine-uri.h | 3 +-
src/detect-engine.c | 585 ++++++++++++++++++---
src/detect-engine.h | 41 +-
src/detect-fast-pattern.c | 12 +-
src/detect-fast-pattern.h | 3 +-
src/detect-file-data.c | 33 +-
src/detect-filemagic.c | 2 +-
src/detect-flags.c | 6 +-
src/detect-flow.c | 37 +-
src/detect-flow.h | 2 +
src/detect-flowbits.c | 4 +-
src/detect-fragbits.c | 6 +-
src/detect-fragoffset.c | 6 +-
src/detect-http-header-names.c | 12 +-
src/detect-http-header.c | 16 +-
src/detect-http-headers-stub.h | 14 +-
src/detect-http-protocol.c | 12 +-
src/detect-http-request-line.c | 208 ++++----
src/detect-http-response-line.c | 10 +-
src/detect-http-start.c | 12 +-
src/detect-icmp-id.c | 6 +-
src/detect-icmp-seq.c | 6 +-
src/detect-icode.c | 6 +-
src/detect-id.c | 6 +-
src/detect-isdataat.c | 2 +
src/detect-itype.c | 6 +-
src/detect-lua.c | 2 +-
src/detect-parse.c | 143 ++++-
src/detect-parse.h | 3 +-
src/detect-pcre.c | 3 +
src/detect-seq.c | 6 +-
src/detect-ssh-proto.c | 12 +-
src/detect-ssh-software.c | 12 +-
src/detect-template-buffer.c | 6 +-
src/detect-transform-compress-whitespace.c | 190 +++++++
...re.h => detect-transform-compress-whitespace.h} | 8 +-
src/detect-transform-sha256.c | 130 +++++
...t-nfs-procedure.h => detect-transform-sha256.h} | 8 +-
src/detect-transform-strip-whitespace.c | 182 +++++++
...edure.h => detect-transform-strip-whitespace.h} | 8 +-
src/detect-ttl.c | 6 +-
src/detect.c | 19 +-
src/detect.h | 145 ++++-
src/suricata.h | 2 +-
src/tests/detect-bsize.c | 134 +++++
src/tests/detect-engine-content-inspection.c | 2 +-
src/util-file-decompression.c | 61 +--
src/util-file-decompression.h | 2 +-
src/util-file-swf-decompression.c | 6 +-
src/util-file-swf-decompression.h | 2 +
src/util-profiling-keywords.c | 14 +-
src/util-profiling-prefilter.c | 15 +-
suricata.yaml.in | 4 +-
threshold.config | 2 +-
170 files changed, 3343 insertions(+), 2902 deletions(-)
delete mode 100644 doc/CentOS5.txt
delete mode 100644 doc/CentOS_56_Installation.txt
delete mode 100644 doc/Debian_Installation.txt
delete mode 100644 doc/Fedora_Core.txt
delete mode 100644 doc/FreeBSD_8.txt
delete mode 100644 doc/HTP_library_installation.txt
delete mode 100644 doc/Installation_from_GIT_with_PCRE-JIT.txt
delete mode 100644 doc/Installation_from_GIT_with_PF_RING_on_Ubuntu_server_1104.txt
delete mode 100644 doc/Installation_with_PF_RING.txt
delete mode 100644 doc/Mac_OS_X_106x.txt
delete mode 100644 doc/OpenBSD_Installation_from_GIT.txt
delete mode 100644 doc/Ubuntu_Installation.txt
delete mode 100644 doc/Ubuntu_Installation_from_GIT.txt
delete mode 100644 doc/Windows.txt
create mode 100644 src/detect-bsize.c
copy src/{detect-nfs-procedure.h => detect-bsize.h} (69%)
create mode 100644 src/detect-transform-compress-whitespace.c
copy src/{detect-nfs-procedure.h => detect-transform-compress-whitespace.h} (78%)
create mode 100644 src/detect-transform-sha256.c
copy src/{detect-nfs-procedure.h => detect-transform-sha256.h} (83%)
create mode 100644 src/detect-transform-strip-whitespace.c
copy src/{detect-nfs-procedure.h => detect-transform-strip-whitespace.h} (80%)
create mode 100644 src/tests/detect-bsize.c
hooks/post-receive
--
OISF